uvm_fault(0xffffffff827cff50, 0xfffffd0000000018, 0, 1) -> e kernel: page fault trap, code=0 Stopped at _bpf_mtap+0x68: movl 0x18(%rbx),%r13d ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic kernel page fault uvm_fault(0xffffffff827cff50, 0xfffffd0000000018, 0, 1) -> e _bpf_mtap(ffff800000aa7200,fffffd806f2fbf00,fffffd806f2fbf00,2) at _bpf_mtap+0x68 sys/net/bpf.c:1281 end trace frame: 0xffff800021f031f0, count: 0 ddb{1}> trace _bpf_mtap(ffff800000aa7200,fffffd806f2fbf00,fffffd806f2fbf00,2) at _bpf_mtap+0x68 sys/net/bpf.c:1281 tun_dev_read(5d00,ffff800021f03468,10) at tun_dev_read+0x113 spec_read(ffff800021f032b0) at spec_read+0xf1 sys/kern/spec_vnops.c:222 VOP_READ(fffffd807e867688,ffff800021f03468,10,fffffd807f7bf8a0) at VOP_READ+0xbf sys/kern/vfs_vops.c:247 vn_read(fffffd806889d7d0,ffff800021f03468,0) at vn_read+0x124 sys/kern/vfs_vnops.c:375 dofilereadv(ffff800020e23ae8,f0,ffff800021f03468,0,ffff800021f03550) at dofilereadv+0x1a1 sys/kern/sys_generic.c:237 sys_read(ffff800020e23ae8,ffff800021f03500,ffff800021f03550) at sys_read+0x83 sys/kern/sys_generic.c:157 syscall(ffff800021f035d0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800021f035d0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9ced0c183f0, count: -9 ddb{1}> show registers rdi 0xffffffff81666bd5 _bpf_mtap+0x65 rsi 0x14d rbp 0xffff800021f03180 rbx 0xfffffd0000000000 rdx 0x14e rcx 0xffff800020edc000 rax 0x3e r8 0xffffffff82420d25 pp_r600_decoded_lanes+0x9dbd r9 0xffff800000ac6664 r10 0xa r11 0x18a67df8b282db90 r12 0xfffffd806f2fbf00 r13 0x3e r14 0x2 r15 0xffff800000aa7200 rip 0xffffffff81666bd8 _bpf_mtap+0x68 cs 0x8 rflags 0x10246 __ALIGN_SIZE+0xf246 rsp 0xffff800021f030e0 ss 0x10 _bpf_mtap+0x68: movl 0x18(%rbx),%r13d ddb{1}> show proc PROC (syz-executor.0) pid=110370 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=81, nice=20 forw=0xffffffffffffffff, list=0xffff800020e224f8,0xffffffff828b3dc0 process=0xffff800021f6ebc0 user=0xffff800021efe000, vmspace=0xfffffd807b2308b0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 73832 166730 62849 0 7 0 syz-executor.0 *73832 110370 62849 0 7 0x4000000 syz-executor.0 98899 464018 72527 0 2 0x10 syz-executor.1 98899 335285 72527 0 3 0x4000090 fsleep syz-executor.1 13541 327824 0 0 3 0x14280 nfsidl nfsio 4094 420345 0 0 3 0x14280 nfsidl nfsio 99882 110253 0 0 3 0x14280 nfsidl nfsio 1390 307200 0 0 3 0x14280 nfsidl nfsio 77140 509102 0 0 3 0x14280 nfsidl nfsio 59301 187080 0 0 3 0x14280 nfsidl nfsio 25038 126365 0 0 3 0x14280 nfsidl nfsio 56347 188495 0 0 3 0x14280 nfsidl nfsio 32573 490259 0 0 3 0x14280 nfsidl nfsio 55590 421703 0 0 3 0x14280 nfsidl nfsio 35047 107331 0 0 3 0x14280 nfsidl nfsio 70222 416908 0 0 3 0x14280 nfsidl nfsio 56468 333333 0 0 3 0x14280 nfsidl nfsio 8911 498063 0 0 3 0x14280 nfsidl nfsio 71910 42870 0 0 3 0x14280 nfsidl nfsio 76477 15712 0 0 3 0x14280 nfsidl nfsio 48671 161319 0 0 3 0x14280 nfsidl nfsio 95023 102437 0 0 3 0x14280 nfsidl nfsio 51980 271145 0 0 3 0x14280 nfsidl nfsio 4585 355157 0 0 3 0x14280 nfsidl nfsio 6919 452671 0 0 3 0x14200 bored sosplice 72527 108270 30114 0 3 0x82 nanosleep syz-executor.1 62849 185408 30114 0 3 0x82 nanosleep syz-executor.0 30114 494248 31591 0 3 0x82 thrsleep syz-fuzzer 30114 6201 31591 0 3 0x4000082 thrsleep syz-fuzzer 30114 523597 31591 0 3 0x4000082 thrsleep syz-fuzzer 30114 517722 31591 0 3 0x4000082 kqread syz-fuzzer 30114 449738 31591 0 3 0x4000082 thrsleep syz-fuzzer 30114 377204 31591 0 3 0x4000082 thrsleep syz-fuzzer 30114 492399 31591 0 3 0x4000082 thrsleep syz-fuzzer 30114 449007 31591 0 3 0x4000082 thrsleep syz-fuzzer 30114 489989 31591 0 3 0x4000082 thrsleep syz-fuzzer 30114 205476 31591 0 3 0x4000082 thrsleep syz-fuzzer 30114 223948 31591 0 3 0x4000082 thrsleep syz-fuzzer 31591 378067 41402 0 3 0x10008a pause ksh 41402 179545 92216 0 3 0x92 select sshd 67534 467055 1 0 3 0x100083 ttyin getty 92216 129088 1 0 3 0x80 select sshd 98600 372623 69624 74 3 0x100092 bpf pflogd 69624 24329 1 0 3 0x80 netio pflogd 82792 189821 83731 73 3 0x100090 kqread syslogd 83731 390355 1 0 3 0x100082 netio syslogd 84220 276510 1 77 3 0x100090 poll dhclient 21831 263167 1 0 3 0x80 poll dhclient 852 342532 0 0 3 0x14200 bored smr 65647 147858 0 0 2 0x14200 zerothread 354 232850 0 0 3 0x14200 aiodoned aiodoned 16148 76840 0 0 3 0x14200 syncer update 65074 56852 0 0 3 0x14200 cleaner cleaner 64406 180013 0 0 3 0x14200 reaper reaper 90599 46176 0 0 3 0x14200 pgdaemon pagedaemon 79725 295236 0 0 3 0x14200 bored crynlk 78012 66523 0 0 3 0x14200 bored crypto 61303 442758 0 0 3 0x40014200 acpi0 acpi0 9808 144142 0 0 3 0x40014200 idle1 98469 518166 0 0 3 0x14200 bored softnet 57048 375027 0 0 3 0x14200 bored systqmp 52132 31617 0 0 3 0x14200 bored systq 82694 65764 0 0 3 0x40014200 bored softclock 95459 53213 0 0 3 0x40014200 idle0 1 224788 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 73832 (syz-executor.0) thread 0xffff800020e23ae8 (110370) exclusive kernel_lock &kernel_lock r = 1 (0xffffffff82911f98) #0 witness_lock+0x4c7 stacktrace_save sys/sys/stacktrace.h:36 [inline] #0 witness_lock+0x4c7 sys/kern/subr_witness.c:1164 #1 vn_read+0x45 sys/kern/vfs_vnops.c:357 #2 dofilereadv+0x1a1 sys/kern/sys_generic.c:237 #3 sys_read+0x83 sys/kern/sys_generic.c:157 #4 syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] #4 syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 #5 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9568 6564K 7008K 78643K 12240 0 pcb 13 8K 8K 78643K 163 0 rtable 137 18K 19K 78643K 4171 0 ifaddr 118 22K 22K 78643K 312 0 sysctl 0 0K 0K 78643K 1 0 counters 45 34K 34K 78643K 103 0 ioctlops 0 0K 4K 78643K 2532 0 iov 0 0K 34K 78643K 2317 0 mount 1 1K 1K 78643K 1 0 vnodes 1222 77K 77K 78643K 1723 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 11 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 195 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1824 197K 290K 78643K 13058 0 file desc 6 17K 25K 78643K 1681 0 sigio 0 0K 0K 78643K 13 0 proc 65 63K 95K 78643K 555 0 subproc 32 2K 2K 78643K 34 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 75 0 in_multi 85 3K 4K 78643K 286 0 ether_multi 1 0K 0K 78643K 16 0 mrt 1 0K 0K 78643K 8 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 61 281K 281K 78643K 61 0 exec 0 0K 1K 78643K 305 0 pfkey data 0 0K 0K 78643K 2 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 163 138K 138K 78643K 6187 0 UVM aobj 29 4K 4K 78643K 46 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 133 0 NDP 18 0K 0K 78643K 82 0 temp 159 3871K 3938K 78643K 22931 0 kqueue 3 4K 9K 78643K 51 0 SYN cache 2 16K 16K 78643K 2 0 ddb{1}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 352 0 344 1 0 1 1 0 8 0 plcache 128 20 0 0 1 0 1 1 0 8 0 rtpcb 80 70 0 67 1 0 1 1 0 8 0 rtentry 112 1166 0 1123 2 0 2 2 0 8 0 unpcb 120 846 0 832 1 0 1 1 0 8 0 syncache 264 18 0 18 7 6 1 1 0 8 1 tcpqe 32 1102 0 1102 2 1 1 1 0 8 1 tcpcb 544 773 0 769 1 0 1 1 0 8 0 inpcb 296 1491 0 1484 7 5 2 2 0 8 1 rttmr 72 2 0 2 1 1 0 1 0 8 0 nd6 48 46 0 42 1 0 1 1 0 8 0 pkpcb 40 6 0 6 2 2 0 1 0 8 0 ppxss 1128 4 0 4 4 4 0 1 0 8 0 pffrag 232 7 0 5 4 3 1 1 0 482 0 pffrnode 88 7 0 5 4 3 1 1 0 8 0 pffrent 40 186 0 184 4 3 1 1 0 8 0 pfosfp 40 846 0 423 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfrktable 1344 55 0 44 4 2 2 2 0 8 1 pftag 88 3 0 2 2 1 1 1 0 8 0 pfqueue 264 2 0 2 1 1 0 1 0 8 0 pfstitem 24 34 0 32 1 0 1 1 0 8 0 pfstkey 112 34 0 32 1 0 1 1 0 8 0 pfstate 328 34 0 32 3 2 1 3 0 8 0 pfrule 1360 391 0 31 31 1 30 30 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 991 0 812 17 5 12 15 0 8 0 art_table 32 992 0 812 2 0 2 2 0 8 0 art_node 16 1165 0 1127 1 0 1 1 0 8 0 sysvmsgpl 40 31 0 15 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 192 0 182 1 0 1 1 0 8 0 shmpl 112 44 0 17 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 3516 0 2114 89 0 89 89 0 8 0 ffsino 272 3516 0 2114 95 0 95 95 0 8 0 nchpl 144 6808 0 5195 60 0 60 60 0 8 0 uvmvnodes 72 3901 0 0 71 0 71 71 0 8 0 vnodes 208 3901 0 0 206 0 206 206 0 8 0 namei 1024 18827 0 18827 3 2 1 1 0 8 1 percpumem 16 62 0 29 1 0 1 1 0 8 0 vcpupl 1984 13 0 0 2 0 2 2 0 8 0 vmpool 560 24 0 11 1 0 1 1 0 8 0 pfiaddrpl 120 18 0 11 2 1 1 1 0 8 0 scsiplug 64 1 0 1 1 1 0 1 0 8 0 scxspl 192 18935 0 18935 11 10 1 7 0 8 1 plimitpl 152 85 0 77 1 0 1 1 0 8 0 sigapl 424 1917 0 1864 6 0 6 6 0 8 0 futexpl 56 24550 0 24549 4 3 1 1 0 8 0 knotepl 112 114 0 95 1 0 1 1 0 8 0 kqueuepl 144 156 0 153 1 0 1 1 0 8 0 pipelkpl 48 276 0 266 1 0 1 1 0 8 0 pipepl 120 552 0 533 2 1 1 2 0 8 0 fdescpl 496 1881 0 1864 3 0 3 3 0 8 0 filepl 152 11472 0 11364 9 4 5 6 0 8 0 lockfpl 104 317 0 315 1 0 1 1 0 8 0 lockfspl 48 117 0 115 1 0 1 1 0 8 0 sessionpl 112 18 0 7 1 0 1 1 0 8 0 pgrppl 48 30 0 19 1 0 1 1 0 8 0 ucredpl 96 837 0 827 1 0 1 1 0 8 0 zombiepl 144 1864 0 1864 4 3 1 1 0 8 1 processpl 984 1917 0 1864 8 1 7 7 0 8 0 procpl 624 5351 0 5286 7 1 6 6 0 8 1 sosppl 128 13 0 13 6 6 0 1 0 8 0 sockpl 400 2416 0 2392 11 8 3 6 0 8 0 mcl64k 65536 263 0 0 33 9 24 33 0 8 1 mcl16k 16384 3 0 0 1 0 1 1 0 8 0 mcl12k 12288 15 0 0 2 0 2 2 0 8 0 mcl9k 9216 6 0 0 1 0 1 1 0 8 0 mcl8k 8192 7 0 0 1 0 1 1 0 8 0 mcl4k 4096 11 0 0 2 0 2 2 0 8 0 mcl2k2 2112 3 0 0 1 0 1 1 0 8 0 mcl2k 2048 208 0 0 25 0 25 25 0 8 0 mtagpl 96 87 0 0 3 0 3 3 0 8 0 mbufpl 256 849 0 0 51 0 51 51 0 8 0 bufpl 280 6893 0 658 446 0 446 446 0 8 0 anonpl 16 166051 0 149826 114 34 80 82 0 124 10 amapchunkpl 152 11208 0 11071 42 31 11 20 0 158 4 amappl16 192 8817 0 7874 83 26 57 58 0 8 8 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 22 0 19 1 0 1 1 0 8 0 amappl13 168 30 0 26 1 0 1 1 0 8 0 amappl12 160 5 0 5 1 1 0 1 0 8 0 amappl11 152 57 0 42 1 0 1 1 0 8 0 amappl10 144 1670 0 1660 1 0 1 1 0 8 0 amappl9 136 389 0 387 1 0 1 1 0 8 0 amappl8 128 389 0 345 4 2 2 2 0 8 0 amappl7 120 1767 0 1751 1 0 1 1 0 8 0 amappl6 112 28 0 21 1 0 1 1 0 8 0 amappl5 104 1793 0 1776 1 0 1 1 0 8 0 amappl4 96 496 0 467 1 0 1 1 0 8 0 amappl3 88 148 0 142 1 0 1 1 0 8 0 amappl2 80 14114 0 14033 2 0 2 2 0 8 0 amappl1 72 46959 0 46511 23 13 10 18 0 8 0 amappl 80 5605 0 5552 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 45 0 17 1 0 1 1 0 8 0 uaddrrnd 24 1905 0 1875 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1905 0 1875 1 0 1 1 0 8 0 vmmpekpl 168 17030 0 16990 3 0 3 3 0 8 0 vmmpepl 168 227650 0 225422 143 34 109 110 0 357 10 vmsppl 368 1904 0 1875 3 0 3 3 0 8 0 pdppl 4096 3817 0 3763 8 1 7 7 0 8 0 pvpl 32 497616 0 478544 244 52 192 192 0 265 33 pmappl 232 1904 0 1875 2 0 2 2 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 384 0 29 11 0 11 11 0 8 0 ddb{1}> machine ddbcpu 0 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp ddb{0}> trace x86_ipi_db(ffffffff8274fff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:352 x86_ipi_handler() at x86_ipi_handler+0xc6 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 end of kernel end trace frame: 0x7f7ffffc4970, count: -3 ddb{0}> machine ddbcpu 1 Stopped at _bpf_mtap+0x68: movl 0x18(%rbx),%r13d ddb{1}> trace _bpf_mtap(ffff800000aa7200,fffffd806f2fbf00,fffffd806f2fbf00,2) at _bpf_mtap+0x68 sys/net/bpf.c:1281 tun_dev_read(5d00,ffff800021f03468,10) at tun_dev_read+0x113 spec_read(ffff800021f032b0) at spec_read+0xf1 sys/kern/spec_vnops.c:222 VOP_READ(fffffd807e867688,ffff800021f03468,10,fffffd807f7bf8a0) at VOP_READ+0xbf sys/kern/vfs_vops.c:247 vn_read(fffffd806889d7d0,ffff800021f03468,0) at vn_read+0x124 sys/kern/vfs_vnops.c:375 dofilereadv(ffff800020e23ae8,f0,ffff800021f03468,0,ffff800021f03550) at dofilereadv+0x1a1 sys/kern/sys_generic.c:237 sys_read(ffff800020e23ae8,ffff800021f03500,ffff800021f03550) at sys_read+0x83 sys/kern/sys_generic.c:157 syscall(ffff800021f035d0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:102 [inline] syscall(ffff800021f035d0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x9ced0c183f0, count: -9